Collector
by LogStare
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-61161 | Hig | 0.55 | 8.4 | 0.00 | Oct 29, 2025 | DLL hijacking vulnerability in Evope Collector 1.1.6.9.0 and related components load the wtsapi32.dll library from an uncontrolled search path (C:\ProgramData\Evope). This allows local unprivileged attackers to execute arbitrary code or escalate privileges to SYSTEM by placing a crafted DLL in that location. The vulnerable component is Evope.Service.exe, which runs with SYSTEM privileges and automatically loads the DLL on startup or reboot. | ||
| CVE-2025-64695 | 0.00 | — | 0.00 | Nov 21, 2025 | Uncontrolled search path element issue exists in the installer of LogStare Collector (for Windows). If exploited, arbitrary code may be executed with the privilege of the user invoking the installer. | |||
| CVE-2025-64299 | 0.00 | — | 0.00 | Nov 21, 2025 | LogStare Collector improperly handles the password hash data. An administrative user may obtain the other users' password hashes. | |||
| CVE-2025-62189 | 0.00 | — | 0.00 | Nov 21, 2025 | LogStare Collector contains an incorrect authorization vulnerability in UserRegistration. If exploited, a non-administrative user may create a new user account by sending a crafted HTTP request. | |||
| CVE-2025-61949 | 0.00 | — | 0.00 | Nov 21, 2025 | LogStare Collector contains a stored cross-site scripting vulnerability in UserManagement. If crafted user information is stored, an arbitrary script may be executed on the web browser of the user who logs in to the product's management page. | |||
| CVE-2025-58097 | 0.00 | — | 0.00 | Nov 21, 2025 | The installation directory of LogStare Collector is configured with incorrect access permissions. A non-administrative user may manipulate files within the installation directory and execute arbitrary code with the administrative privilege. |
- risk 0.55cvss 8.4epss 0.00
DLL hijacking vulnerability in Evope Collector 1.1.6.9.0 and related components load the wtsapi32.dll library from an uncontrolled search path (C:\ProgramData\Evope). This allows local unprivileged attackers to execute arbitrary code or escalate privileges to SYSTEM by placing a crafted DLL in that location. The vulnerable component is Evope.Service.exe, which runs with SYSTEM privileges and automatically loads the DLL on startup or reboot.
- CVE-2025-64695Nov 21, 2025risk 0.00cvss —epss 0.00
Uncontrolled search path element issue exists in the installer of LogStare Collector (for Windows). If exploited, arbitrary code may be executed with the privilege of the user invoking the installer.
- CVE-2025-64299Nov 21, 2025risk 0.00cvss —epss 0.00
LogStare Collector improperly handles the password hash data. An administrative user may obtain the other users' password hashes.
- CVE-2025-62189Nov 21, 2025risk 0.00cvss —epss 0.00
LogStare Collector contains an incorrect authorization vulnerability in UserRegistration. If exploited, a non-administrative user may create a new user account by sending a crafted HTTP request.
- CVE-2025-61949Nov 21, 2025risk 0.00cvss —epss 0.00
LogStare Collector contains a stored cross-site scripting vulnerability in UserManagement. If crafted user information is stored, an arbitrary script may be executed on the web browser of the user who logs in to the product's management page.
- CVE-2025-58097Nov 21, 2025risk 0.00cvss —epss 0.00
The installation directory of LogStare Collector is configured with incorrect access permissions. A non-administrative user may manipulate files within the installation directory and execute arbitrary code with the administrative privilege.